
CN-122027343-A - Quantum key-based data transmission method, device, equipment and medium


Abstract

The application discloses a quantum-key-based data transmission method, device, equipment and medium in the technical field of financial disaster recovery. The method is applied to a first gateway corresponding to a production center in a communication management system; the communication management system also comprises a second gateway corresponding to a disaster recovery center. The method comprises: determining financial data to be transmitted from the production center; determining a current key slice from a key management server; encrypting the financial data to be transmitted using a key stream corresponding to the current key slice; and transmitting the corresponding ciphertext data to the second gateway, so that the second gateway decrypts the ciphertext data based on the current key slice and submits the decrypted data to the disaster recovery center. In disaster recovery scenarios, financial data can thus be encrypted by combining the key slice of the quantum key with the key stream corresponding to the national encryption algorithm, which extends the integration of quantum keys with the national encryption algorithm ecosystem and ensures the security of the financial data.

Inventors

  • LU ZEGANG
  • WANG MAOYU

Assignees

  • 重庆银行股份有限公司

Dates

Publication Date
20260512
Application Date
20260325

Claims (10)

  1. A data transmission method based on a quantum key, characterized in that it is applied to a first gateway corresponding to a production center in a communication management system, wherein the communication management system also comprises a second gateway corresponding to a disaster recovery center, the method comprising: determining financial data to be transmitted from the production center, and determining a current key slice from a key management server, wherein the current key slice is a key slice of a quantum key; encrypting the financial data to be transmitted by using a key stream corresponding to the current key slice; and transmitting the corresponding ciphertext data to the second gateway so that the second gateway decrypts the ciphertext data based on the current key slice and submits the decrypted data to the disaster recovery center.
  2. The quantum key-based data transmission method of claim 1, further comprising, prior to determining financial data to be transmitted from the production center: generating an initial key based on a quantum key distribution technique; and encrypting the initial key by using a preset protection key, and storing the resulting key slice in ciphertext format on the key management server.
  3. The quantum key-based data transmission method of claim 2, wherein the determining the current key slice from the key management server comprises: generating a public key and a private key based on a national encryption algorithm, and initiating a key request to the key management server by using the public key, so that the key management server decrypts a key slice that it stores in ciphertext format by using the protection key and then encrypts the decrypted, plaintext-format key slice by using the public key, wherein the key slice is a key slice corresponding to an unused key in the key management server; and acquiring the encrypted key returned by the key management server, and determining, as the current key slice, the plaintext-format key slice obtained by parsing the encrypted key with the private key.
  4. The quantum key-based data transmission method according to claim 1, wherein encrypting the financial data to be transmitted using the key stream corresponding to the current key slice comprises: adopting a counter mode of a national encryption algorithm, and generating a corresponding key stream by using the current key slice; encrypting the financial data to be transmitted by using the key stream, and calculating an integrity check code of the corresponding ciphertext data; correspondingly, the transmitting the corresponding ciphertext data to the second gateway includes: packaging the ciphertext data and the integrity check code, and transmitting the packaged data to the second gateway.
  5. The quantum key-based data transmission method of claim 4, wherein the process of the second gateway decrypting the ciphertext data based on the current key slice and submitting the decrypted data to the disaster recovery center comprises: the second gateway decrypts the ciphertext data by using the key stream, verifies the corresponding decrypted data by using the integrity check code, and submits to the disaster recovery center the decrypted data whose verification result indicates that the data is complete.
  6. A data transmission method based on a quantum key, characterized in that it is applied to a second gateway corresponding to a disaster recovery center in a communication management system, wherein the communication management system also comprises a first gateway corresponding to a production center, the method comprising: obtaining ciphertext data sent by the first gateway, and determining a current key slice corresponding to the ciphertext data from a key management server, wherein the ciphertext data is obtained by the first gateway encrypting financial data to be transmitted, determined from the production center, with a key stream corresponding to the current key slice, and the current key slice is a key slice of a quantum key; and decrypting the ciphertext data based on the current key slice, and submitting the decrypted data to the disaster recovery center.
  7. A data transmission device based on a quantum key, characterized in that it is applied to a first gateway corresponding to a production center in a communication management system, wherein the communication management system also comprises a second gateway corresponding to a disaster recovery center, the device comprising: a data and key slice determining module, used for determining financial data to be transmitted from the production center and determining a current key slice from a key management server, wherein the current key slice is a key slice of a quantum key; an encryption module, used for encrypting the financial data to be transmitted by using the key stream corresponding to the current key slice; and a data transmission module, used for transmitting the corresponding ciphertext data to the second gateway so that the second gateway decrypts the ciphertext data based on the current key slice and submits the decrypted data to the disaster recovery center.
  8. A data transmission device based on a quantum key, characterized in that it is applied to a second gateway corresponding to a disaster recovery center in a communication management system, wherein the communication management system also comprises a first gateway corresponding to a production center, the device comprising: a data acquisition module, used for acquiring ciphertext data sent by the first gateway and determining a current key slice corresponding to the ciphertext data from the key management server, wherein the ciphertext data is obtained by the first gateway encrypting financial data to be transmitted, determined from the production center, with a key stream corresponding to the current key slice; and a data submitting module, used for decrypting the ciphertext data based on the current key slice and submitting the decrypted data to the disaster recovery center.
  9. An electronic device, comprising: a memory for storing a computer program; and a processor for executing the computer program to implement the quantum key-based data transmission method of any one of claims 1 to 7.
  10. A computer-readable storage medium for storing a computer program which, when executed by a processor, implements the quantum key-based data transmission method of any one of claims 1 to 7.

Description

Quantum key-based data transmission method, device, equipment and medium

Technical Field

The invention relates to the technical field of financial disaster recovery, in particular to a data transmission method, device, equipment and medium based on a quantum key.

Background

Same-city financial disaster recovery is a lifeline for guaranteeing the continuity of financial business, and the associated synchronous data transmission faces multiple risks such as eavesdropping, tampering and supply chain attacks. While quantum key distribution (Quantum Key Distribution, QKD) technology can theoretically provide information-theoretically secure key distribution, current schemes mostly stop at simply interfacing QKD with general-purpose encryption devices, and lack deep, systematic integration with the national encryption algorithm ecosystem and domestic hardware platforms. As a result, key usage and the security of data operations are not controllable, and the overall security level is limited by the weakest link. Therefore, how to improve the security of the financial data transmission involved in same-city financial disaster recovery is a problem to be solved in the field.

Disclosure of Invention

Therefore, the invention aims to provide a data transmission method, device, equipment and medium based on a quantum key, which can encrypt financial data in disaster recovery scenarios by combining a key slice of the quantum key with a key stream corresponding to a national encryption algorithm, extend the integration of the quantum key with the national encryption algorithm ecosystem, and ensure the security of the financial data.
The specific scheme is as follows:

In a first aspect, the present application provides a data transmission method based on a quantum key, which is applied to a first gateway corresponding to a production center in a communication management system, where the communication management system further includes a second gateway corresponding to a disaster recovery center, and the method includes: determining financial data to be transmitted from the production center, and determining a current key slice from a key management server, wherein the current key slice is a key slice of a quantum key; encrypting the financial data to be transmitted by using a key stream corresponding to the current key slice; and transmitting the corresponding ciphertext data to the second gateway so that the second gateway decrypts the ciphertext data based on the current key slice and submits the decrypted data to the disaster recovery center.

Optionally, before determining the financial data to be transmitted from the production center, the method further includes: generating an initial key based on a quantum key distribution technique; and encrypting the initial key by using a preset protection key, and storing the resulting key slice in ciphertext format on the key management server.
Optionally, the determining the current key slice from the key management server includes: generating a public key and a private key based on a national encryption algorithm, and initiating a key request to the key management server by using the public key, so that the key management server decrypts a key slice that it stores in ciphertext format by using the protection key and then encrypts the decrypted, plaintext-format key slice by using the public key, wherein the key slice is a key slice corresponding to an unused key in the key management server; and acquiring the encrypted key returned by the key management server, and determining, as the current key slice, the plaintext-format key slice obtained by parsing the encrypted key with the private key.

Optionally, the encrypting the financial data to be transmitted by using the key stream corresponding to the current key slice includes: adopting a counter mode of a national encryption algorithm, and generating a corresponding key stream by using the current key slice; encrypting the financial data to be transmitted by using the key stream, and calculating an integrity check code of the corresponding ciphertext data; correspondingly, the transmitting the corresponding ciphertext data to the second gateway includes: packaging the ciphertext data and the integrity check code, and transmitting the packaged data to the second gateway.

Optionally, the process of decrypting the ciphertext data by the second gateway based on the current key slice and submitting the decrypted data to the disaster recovery center includes: the second gateway decrypts the ciphertext data by using the key stream, verifies the corresponding decrypted data by using the integrity check code, and submits to the disaster recovery center the decrypted data whose verification result indicates that the data is complete.
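The gateway-to-gateway flow described above (counter-mode key stream from a key slice, integrity check code over the ciphertext, packaging, and checking at the second gateway), as an added Python example that is not code from the patent. It assumes HMAC-SHA256 as a stand-in for both the national-algorithm block function and the integrity check code, a hypothetical packet layout of slice id, nonce, ciphertext and tag, and it checks the code before decrypting and retires each slice after one use.

```python
import hashlib, hmac, os, struct

# Assumptions: HMAC-SHA256 stands in for the national-algorithm block cipher
# and for the integrity check code; the slice-id header is hypothetical.
def subkey(key_slice: bytes, label: bytes) -> bytes:
    # Separate encryption and integrity keys derived from one key slice.
    return hmac.new(key_slice, label, hashlib.sha256).digest()

def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter mode: block i of the stream is PRF(key, nonce || i).
    out = bytearray()
    for counter in range((length + 31) // 32):
        block = nonce + struct.pack(">Q", counter)
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
    return bytes(out[:length])

def xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))

def first_gateway_send(slice_id: int, key_slice: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(12)
    header = struct.pack(">I", slice_id) + nonce
    stream = keystream(subkey(key_slice, b"enc"), nonce, len(plaintext))
    ciphertext = xor(plaintext, stream)
    # Integrity check code over header and ciphertext, then package.
    tag = hmac.new(subkey(key_slice, b"mac"), header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag

class SecondGateway:
    def __init__(self, slices: dict):
        self.slices = dict(slices)  # slice_id -> plaintext key slice from the KMS

    def receive(self, packet: bytes) -> bytes:
        if len(packet) < 16 + 32:
            raise ValueError("short packet")
        header, ciphertext, tag = packet[:16], packet[16:-32], packet[-32:]
        slice_id = struct.unpack(">I", header[:4])[0]
        key_slice = self.slices.get(slice_id)
        if key_slice is None:
            raise ValueError("unknown or already used key slice")
        expected = hmac.new(subkey(key_slice, b"mac"), header + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity check failed")
        # Retire the slice only after verification, so forged packets cannot
        # burn keys and a replayed packet is rejected.
        del self.slices[slice_id]
        stream = keystream(subkey(key_slice, b"enc"), header[4:], len(ciphertext))
        return xor(ciphertext, stream)
```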
In a second aspect, the application provides a data transmission method based on a quantum key, which is applied